These last few weeks have underscored how difficult it is to achieve absolute privacy in our digital lives, including in crypto.
Maybe it’s time to acknowledge we can’t just rely on technology to protect this important right. It's time to also take on the difficult task of convincing governments to install legal protections.
Consider these recent news items: the Bored Ape Yacht Club (BAYC) founders doxed; a New York couple arrested for conspiracy to launder the Bitfinex hack’s proceeds; the co-founder of the notorious failed exchange QuadrigaX discovered to be the pseudonymous co-founder of Avalanche money market Wonderland; the seizure of crypto funds donated to Canada’s protesting truckers; and the apparent unveiling of the mastermind behind the 2016 attack on The DAO.
You’re reading Money Reimagined, a weekly look at the technological, economic and social events and trends that are redefining our relationship with money and transforming the global financial system. Subscribe to get the full newsletter here.
All these incidents demonstrate that it’s extremely difficult, if not impossible, to escape someone who’s determined to track you down. Know-your-customer (KYC) rules, multiple passwords and data-tracking systems, with countless stores of information about our on- and offline lives held on corporate-owned servers around the world, all militate against our online privacy.
(I will say this, though: Satoshi Nakamoto was a master at OpSec.)
In each case, with varying degrees of popular support, the people who revealed these identities justified their actions in the public interest. On the other side: crypto advocates who were often incensed by these invasions of privacy, especially in the BAYC and trucker cases.
Read more: CoinDesk's Privacy Week
I don’t wish to reexamine the trade-off between the right to privacy and the public’s interest in transparency that I explored two weeks ago. However, I will say the industry’s condemnation of such actions can also be seen as a mark of its failure. I mean, if coin mixers, pseudonymous identifiers and self-custody wallets achieved what they’re supposed to achieve, crypto supporters would have nothing to complain about.
After reading journalist Laura Shin’s bombshell about The DAO hacker, for which she worked with blockchain forensics firm Chainalysis to trace the movement of the 3.6 million ether drained in the 2016 attack and named Austrian programmer Toby Hoenisch as the likely culprit, I’m inclined to concur with blockchain developer Nelson Galeman. He tweeted: “The lesson here is: DO NOT STEAL CRYPTO... data is public. Question is not IF you will get caught, but WHEN.” (Hoenisch has denied the accusation, but still.)
Bad guys aren’t the only ones caught out
This idea there’s nowhere to hide would perhaps be entirely positive if the only people seeking privacy in their crypto transactions were thieves. In fact, you could say the threat of being traced adds a whole new security layer to the crypto ecosystem. It’s a disincentive to hackers.
But thieves aren’t alone. Activists fighting for good causes such as Afghan women in Taliban-controlled Afghanistan, or Myanmar’s government in exile, or protesters in Nigeria, increasingly use crypto to bypass official censors and fund their operations. At the other end of the spectrum, businesses need privacy lest their competitors get wind of their operations and front-run them. Keeping money flows obscured is vital for the functioning of both democracy and markets.
He’s right: There’s no freedom of speech if people can’t pay for the computing equipment needed to get their subversive ideas out or if they have no paycheck to sustain themselves. And, in turn, that freedom to transact depends on there being no capacity to monitor fund movements by third parties such as governments. Privacy and freedom to transact are intrinsic to each other.
The freedoms to which 6529 refers are truly at risk. Governments and Big Tech are more empowered than ever to track transactions.
That’s the case in traditional finance as well as in crypto, where institutions are now adding increasingly sophisticated blockchain forensics to their existing monitoring capabilities for traditional banking’s know-your-customer data and to access personal information accumulated by internet platforms.
Maybe a purely crypto circular economy, where funds never come in or out of the fiat banking system, would leave our identities better protected.
But crypto is populated by subpoenable entities, such as centralized exchanges, hosted wallets and stablecoin reserve managers. Even decentralized exchanges are open to scrutiny through the foundations that manage their codebases.
The sheer number of breaches and rug pulls in decentralized finance since that infamous DAO hack continue to make DeFi a fringe area where privacy advantages are, for the average person, outweighed by volatility, complexity of use and security risks.
Indeed, the biggest problem with all these breaches is not the cryptography per se – we know that zero-knowledge proof inventions such as zk-Snarks do actually protect privacy. It’s the weak points of human failure that make the crypto community’s privacy utopia so hard to achieve. That’s what we need to address.
Time to engage
Because of those ever-present weak human links, I now think we have no choice but to engage with governments. The crypto community, along with human rights organizations and others with an interest in financial inclusion, as well as media businesses and others invested in non-fungible tokens (NFT) and DeFi projects, should be lobbying policymakers to ensure that the coming wave of digital currency rollouts is accompanied by a legal framework that enshrines privacy protections into our money,
I get why that might sound naive. This week’s news out of Ukraine reminds us that nation-states are wont to exert power and loath to give it up. If anything, governments have been expanding their financial surveillance, not shrinking it. And the push for a strict sanctions regime against Russia is going to bolster the hawks’ clamor for even more intervention.
Yet, that reminder also provides a gut check on some of the more utopian “sovereign individual” aspirations in crypto.
Read more: Haseeb Qureshi - 4 Reasons Privacy Coins Haven't Taken Off
The key, I think, is to use the core problems of instability in the international system to our advantage. I believe this moment actually provides an opportunity for Western governments such as the U.S. to use new technologies to advance the influence of liberal democratic ideals. The challenge is they’ll have to wean themselves off the intoxicating but mostly illusory sense of power that comes from financial surveillance.
Given the current geopolitical turmoil and some nascent questions around the longevity of the dollar’s international reserve currency status, the U.S. could for the first time in a century be forced to compete with other countries’ currencies, such as China’s.
Once national currencies go digital and can bypass Wall Street’s banking gatekeepers, the battle will be on. And one way for the U.S. to win it will be to adopt a more pro-privacy approach. It could offer a model of freedom that’s commensurate with its Constitution and more appealing than China’s “panopticon.”
If this system is designed right, it need not result in more criminals trafficking drugs, arms or human beings. In the name of freedom and equal access, authorities could deregulate peer-to-peer cryptocurrency payments and roll back KYC identification. At the same time, they could use zero-knowledge proofs to limit traceable data to non-identifying information while still employing blockchain forensics and cluster analysis to get leads on suspicious activity.
In other words, there is a way to catch bad guys without subjecting the world to surveillance or denying the freedom to transact.
What we need is a risk-based approach. If we give people control over their assets, there will be less of an incentive for criminals to spend the time and effort to go after those relatively small nodes or, by the same token, for governments to surveil them. Value extracted both from criminal activity and from deploying surveillance only really accrues when the amounts involved are high. The trick is to change the economics of crime.
Now, off you go. Convince your local congressman there is another way.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.